<?php

// Start output buffering before anything is emitted, so the page markup below
// is held back while the included files run (presumably so they can still send
// headers such as session cookies -- TODO confirm against utilities.php).
ob_start();

// Shared site helpers.
include_once '../../utilities.php';

?>
<!DOCTYPE html>
<html>
<head>
	<link rel="stylesheet" type="text/css" href="../../reset.css">
	<link rel="stylesheet" type="text/css" href="../../mainStyle.css">
	<link rel="stylesheet" type="text/css" href="../../searchButton.css">
	<title>Password Change</title>
</head>
<body>

	<div id="container">
		<?php

// Relative path from this page back to the site root. It is set immediately
// before header.php is pulled in, so header.php is presumably its consumer
// (TODO confirm).
$root = '../../';

include_once '../../header.php';

?>
        
		<div id="page-body">
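		<?php

// Password-change page body. Three outcomes:
//   1. logged in and all three fields posted -> validate, then change the password
//   2. logged in, form not (fully) posted    -> render the change form
//   3. not logged in                         -> ask the visitor to log in
//
// NOTE(review): the form carries no anti-CSRF token. Requiring the old password
// limits what a forged request can achieve, but a per-session token checked here
// is the usual defence and should be added once the site has a helper for it.
if (!empty($_POST['oldpassword']) && !empty($_POST['newpassword']) && !empty($_POST['newpassword2']) &&
    !empty($_SESSION['LoggedIn']) && !empty($_SESSION['User']))
{ // All form fields were submitted by a logged-in user
    // NOTE(review): unserialize() instantiates whatever object graph the string
    // describes. This is only safe while $_SESSION['User'] is written exclusively
    // by server-side code (as it is further down in this block); never let
    // request data reach this key unserialized.
    $myuser = unserialize($_SESSION['User']);

    // Strict comparison on purpose: with != two different hex digests that both
    // look numeric (for example "0e" followed by digits) compare equal, which
    // would accept a wrong old password. Where PHP >= 5.6 is guaranteed,
    // hash_equals() is preferable because it is also constant-time.
    // NOTE(review): this check implies the site-side password is an unsalted
    // SHA-1 digest; plan a migration to password_hash()/password_verify().
    if (sha1($_POST['oldpassword']) !== (string) $myuser->getPassword())
    {
        // The old password must match the stored password


?>
				<p>Sorry, the old password was incorrect. Please <a href="./">click here to try again</a>.</p>
				<?php

    } elseif ($_POST['newpassword'] !== $_POST['newpassword2'])
    {
        // The two new-password fields must be identical. Strict comparison so
        // that numeric-looking strings such as "1e3" and "1000" are not treated
        // as the same password.


?>
				<p>Sorry, the new passwords do not match. Please <a href="./">click here to try again</a>.</p>
				<?php

    } elseif (checkPassword($_POST['newpassword']))
    {
        // The password passed the site's validity check (long enough, alphanumeric).
        // Update the site-side user object and keep the session copy in sync.
        // NOTE(review): setPassword() is presumably responsible for hashing and
        // persisting the value -- verify, since the raw password is passed in.
        $myuser->setPassword($_POST['newpassword']);
        $_SESSION['User'] = serialize($myuser);

        // Bootstrap phpBB so the forum account's password can be changed as well.
        // Guarded so that an earlier include which already defined the constant
        // does not trigger a redefinition notice.
        if (!defined('IN_PHPBB'))
        {
            define('IN_PHPBB', true);
        }
        $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH :
            '../../forum/';
        $phpEx = substr(strrchr(__FILE__, '.'), 1);
        include_once ($phpbb_root_path . 'common.' . $phpEx);
        include_once ($phpbb_root_path . 'includes/functions_display.' . $phpEx);
        $user->session_begin();
        $auth->acl($user->data);
        $user->setup('viewforum');

        // Every value placed in the statement goes through the DBAL's escaper.
        // The e-mail address is user-chosen data (and may legitimately contain
        // a quote character), so concatenating it raw both breaks the query and
        // allows SQL injection.
        $sql = 'UPDATE ' . USERS_TABLE .
            " SET user_password = '" . $db->sql_escape(phpbb_hash($_POST['newpassword'])) . "'" .
            " WHERE user_email = '" . $db->sql_escape($myuser->getEmail()) . "'";
        $db->sql_query($sql);

        // NOTE(review): consider calling session_regenerate_id(true) here and
        // invalidating the user's other sessions after a password change.

?>
				<p>Your password has been successfully changed. Please <a href="../">click here to return to your account page</a>.</p>
				<?php

    } else
    {
        // checkPassword() rejected the new password

?>
				<p>Sorry, the new password was invalid. Please <a href="./">click here to try again</a>.</p>
				<?php

    }
} elseif (!empty($_SESSION['LoggedIn']) && !empty($_SESSION['User']))
{ // Logged in but nothing (complete) submitted: show the form
    // Not read again in this block; kept because later includes may rely on
    // $user being set (TODO confirm against footer.php). Same unserialize()
    // caveat as above: the session key must only ever hold server-written data.
    $user = unserialize($_SESSION['User']);

?>
			
			<p>A password must be at least 8 characters in length and contain both letters and numbers.</p>
			
			<form method="post" action="./" name="passwordform" id="passwordform">
			<fieldset>
				<label for="oldpassword">Old Password:</label><input type="password" name="oldpassword" id="oldpassword" /><br><br>
				<label for="newpassword">New Password:</label><input type="password" name="newpassword" id="newpassword" /><br><br>
				<label for="newpassword2">New Password:</label><input type="password" name="newpassword2" id="newpassword2" /><br><br>
				<input type="Submit" name="Submit" id="Submit" value="Submit" />
			</fieldset>
			</form>
			
			<?php

} else
{
    // No authenticated session: do not render the form at all

?>
					
			   <p>You must login to view this page.</p>
									
			   <?php

}

?>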
		</div>
		
		<?php

include_once ('../../footer.php')

?>
	</div>

</body>
</html>